How to Block ISPs on Shopify (Block by Internet Service Provider)

Blocking individual IPs is reactive. Blocking by country is broad. Blocking by ISP sits in between — it lets you ban entire networks (a hosting provider, a specific telecom, a known proxy operator) without affecting the rest of the country or innocent IP neighbors.

This guide explains how ISP blocking works and how to use it on Shopify.

What is ISP blocking?

Every IP address on the internet is allocated to an "Internet Service Provider" — a company that operates the network. Examples:

• Residential ISPs: Comcast, BT, Telstra, Verizon, China Telecom
• Hosting providers: AWS, Google Cloud, Hetzner, OVH, Digital Ocean
• Mobile carriers: T-Mobile, Vodafone, Airtel
• Proxy operators: Luminati, Smartproxy (commercial residential proxy networks)

ISP blocking matches the owner of the IP, not the IP itself. One rule covers all IPs owned by that ISP — which can be millions of addresses.

When to block by ISP

How to block ISPs on Shopify

1. Install Shieldy.
2. Open Block rules → New rule.
3. Rule type: Block.
4. Criteria: ISP → Equals.
5. Enter ISP name (e.g. "Hetzner Online GmbH").
6. Save.

ISP blocking is in the Enterprise plan at $8.99/mo. The Premium plan covers IP/country/VPN; the Enterprise plan adds ISP-level granularity.

Block all hosting providers at once

Most stores want to block all cloud providers, not specific ones. There is a one-click toggle for that:

1. Open Bot Killer.
2. Toggle Block datacenter IPs to ON.

This blocks the ~80 most common hosting providers (AWS, GCP, Azure, OVH, Hetzner, Digital Ocean, Linode, Vultr, etc.) in one rule.

Note: this is in the Premium plan ($4.99/mo) — not a custom ISP rule but a bulk category.

Common ISPs worth blocking

Always safe to block (datacenter only — no consumer traffic):

Amazon Web Services (AS16509)
Google Cloud (AS15169)
Microsoft Azure (AS8075)
DigitalOcean (AS14061)
OVH (AS16276)
Hetzner Online GmbH (AS24940)
Linode (AS63949)
Vultr (AS20473)
Choopa (AS20473)
Contabo (AS51167)
Leaseweb (AS60781)

Block with caution (mixed bot + consumer):

M247 — mostly proxy/VPN exit infrastructure
Quadranet — datacenter and VPN
Total Server Solutions — bot traffic common

Never block (residential ISPs):

Comcast, AT&T, Verizon, BT, Telstra, Vodafone, Orange — real customers

Blocking residential ISPs by name will kill significant legitimate traffic.

ASN vs ISP — what is the difference?

ASN (Autonomous System Number) is the technical network identifier; ISP is the human-readable company name. Both work:

• ASN: AS16509 (specific, unambiguous)
• ISP: Amazon Web Services (human-readable, may have variant spellings)

Shieldy supports both. ASN is more precise; ISP is easier to remember.

How to find the ISP of a visitor

Open Shieldy's Visitor Analytics:

1. Click any visitor row.
2. See full network details: IP, ISP, ASN, country, city.

For external lookups: whois 192.0.2.45 from a terminal returns the ASN and ISP allocation.

Whitelist specific subranges

If you block an ISP but have a legitimate customer using it:

1. New rule → Whitelist → IP address.
2. Enter the specific customer's IP or range.
3. Save.

Whitelist always overrides block, so the customer regains access while the rest of the ISP stays blocked.

ISP blocking and false positives

Some ISPs have mixed traffic. Risks:

• Mobile carriers can route enterprise users through the same network as consumer traffic. Blocking by carrier ISP loses both.
• Universities sometimes share ranges across multiple departments. Blocking the wrong range loses faculty buyers.
• Corporate ISPs for large enterprises (e.g. AT&T Business) have legitimate B2B usage.

Best practice: block datacenter ISPs aggressively, consumer ISPs conservatively.

Real-world example

A merchant we work with noticed a competitor scraping daily from a small French ISP (Online SAS / Scaleway). After identifying the pattern:

• 1,200 page views/day from this ISP
• All from datacenter range (not consumer)
• No legitimate French customers detected from this ISP in 12 months

One rule (block Scaleway ISP) eliminated the scraping. No customer impact.

ISP blocking and SEO

Search engine crawlers (Googlebot, Bingbot) operate from their own dedicated ASNs:

• Googlebot: AS15169 (Google Cloud, but verified separately)
• Bingbot: AS8068 (Microsoft)
• Applebot: AS714 (Apple)

Shieldy auto-whitelists these even if you block Google Cloud as an ISP — IP-level whitelist overrides ASN-level block.

Performance

ISP lookup uses the same MaxMind GeoIP2 database as country lookup. Cached at Shopify's edge. <1ms overhead per request.

Frequently asked questions

Can I block multiple ISPs in one rule?

No — one ISP per rule. The Enterprise plan supports unlimited rules though.

What if the ISP name varies in spelling?

Use the ASN number instead. ASN is unique and canonical.

Will blocking AWS / Google Cloud hurt my B2B sales?

Only if your B2B customers use cloud-based browsers (rare). Most B2B traffic comes from consumer ISPs or corporate VPNs.

Can I block specific ASNs without naming them?

Yes. Rule type → ASN → enter the number (e.g. 16509).

How fresh is the ISP database?

Updated monthly — ISP allocations rarely change. ASN data is refreshed weekly.

Wrapping up

ISP blocking sits at the right level of granularity for most bot and scraper traffic — broader than IPs, narrower than countries. Combined with the bulk datacenter toggle, it eliminates most low-effort scraping in one config.

Install Shieldy free → · See pricing →